By rcarson on

OG, drupal 4.6, is not restricting access to view content for anonymous users. Anonymous users have full access to view group content. I have been trying to see if there was something I have missed in the installation, I don't believe I have. And no posts on the forum as of yet. I am not sure how to fix this but someone else probably does. Is this a feature of organic groups or should I submit a bug report?

Comments

Cromicon’s picture

Cromicon commented

same here... this can't be right surely?

seanberto’s picture

seanberto commented

Assuming you probably got this fixed by now, but I just spent 5 hrs on the same problem again today. This seems to happen every time I try to use multiple permissions/access modules at the same time. This time, it happened when I installed the node priveledges by role module.

Look at your Node Access Table and see if there's a number of records there that shouldn't be. I ended up deleting all of them and then recreating the 2 initial records that the OG.mysql file creates.

Cheers,
-sean

Sean Larkin

Kieg Khan’s picture

Kieg Khan commented

Hello,

Not sure if this will help, but when I first started using Taxonomy Access to limit the content to certain users I found that the anonymous user could see everything. If you look at the node_access table, then the very first entry is probably:

nid=0, gid=0, realm=all, grant_view=1, grant_update=0, grant_delete=0.

What this effectively does is allows anonymous users to see any content.
If you change grant_view=0, then you are telling the system that anonymous user cannot see any content unless explicitly allowed.

In my system I configure Taxonomy Access to allow anonymous user to see certain content but not other content.

Thanks.

tedhogan’s picture

tedhogan commented

I have the same problem. This is unfortunate.

Why is the closed group home page (group node) visible to unregistered users?

This just doesn't make any sense to me. It's not very clear at all how OG 4.7 integrates with the forums either. I would like to have a members only forum that is not visible at all to non-members, but this seems improssible.

I do not understand why basic features of old 1980's BBS' are either so obsucure as to be useless or absent all together in today's CMS.

jonathan_hunt’s picture

jonathan_hunt commented

In og.module, function og_save_permissions(), ~ line 1526, there's the comment

// all groups are publically accessible, although their posts may not be
// if you really want an inaccessible group homepage, you should go to node_access table and delete the record which is inserted here.

So in node_access table, for og group with node=2, I deleted the row "2 0 og_all 1 0 0".

This makes the group non-public to non-subscribers.

Also, to ensure all future groups I create are also non-public, I edited the line ~1529 in the same function to be:

$sql = "INSERT INTO {node_access} (nid, gid, realm, grant_view) VALUES (%d, 0, 'og_all', 0)";

instead of 'og_all',1.

Steel Rat’s picture

Steel Rat commented

This REALLY needs to be an option inside the OG module. As it stands even registered users that are not members of the group can post to the group and see their post. Groups really should be encapsulated better, insulated from non-members entirely, otherwise there's not much sense in them being groups.

Steel Rat
Drupal Site: RPGMapShare.com

Steel Rat’s picture

Steel Rat commented

the "fix" only seems to affect the group's home page, which is the least of the problems. Users can still see and post to group forums, though they cannot see content targeted to the group. Again, the group needs to be a totally separate community from the main site.

Steel Rat
Drupal Site: RPGMapShare.com

beginner’s picture

beginner commented

the issue has been filed here: http://drupal.org/node/69297.

--
http://www.reuniting.info/
Healing with Sexual Relationships.
http://www.wechange.org/
We live in a world of solutions.